Solidfire \& hci storage node

This hub aggregates every CVE we track for Solidfire \& hci storage node, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Solidfire \& hci storage node.

• CVE-2025-0725gzip integer overflow7.3Feb 5, 2025
• CVE-2025-0167netrc and default credential leak3.4Feb 5, 2025
• CVE-2024-40896In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by set...9.1Dec 23, 2024
• CVE-2024-50602An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.5.9Oct 27, 2024
• CVE-2024-36958NFSD: Fix nfsd4_encode_fattr4() crasher5.5May 30, 2024
• CVE-2024-33602nscd: netgroup cache assumes NSS callback uses in-buffer strings7.4May 6, 2024
• CVE-2023-5178Kernel: use after free in nvmet_tcp_free_crypto in nvme8.8Nov 1, 2023
• CVE-2023-37920Certifi's removal of e-Tugra root certificate7.5Jul 25, 2023
• CVE-2023-32257Session race condition remote code execution vulnerability8.1Jul 24, 2023
• CVE-2023-38426An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.9.1Jul 17, 2023
• CVE-2023-38428An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading...9.1Jul 17, 2023
• CVE-2023-38432An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification...9.1Jul 17, 2023
• CVE-2022-36946nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a o...7.5Jul 27, 2022
• CVE-2022-2047In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly ...2.7Jul 7, 2022
• CVE-2022-2048In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associa...7.5Jul 7, 2022